At least two U.S. states and two European Union member states are investigating a breach at Alphabet Inc’s Google that may have exposed private profile data of at least 500,000 users to hundreds of external developers.The investigations follow Google’s announcement on Monday that it would shut down the consumer version of its social network Google+ and tighten its data-sharing policies after a “bug” potentially exposed user data that included names, email addresses, occupations, genders and ages.
“We are aware of public reporting on this matter and are currently undertaking efforts to gain an understanding of the nature and cause of the intrusion, whether sensitive information was exposed, and what steps are being taken or called for to prevent similar intrusions in the future,” Jaclyn Severance, a spokeswoman for Connecticut Attorney General George Jepsen, said. Google said the issue was discovered and patched in March as part of a review of how Google shares data with other applications. No developer exploited the vulnerability or misused data, the company’s review found.